[ntp:questions] IA approved COTS NTP servers question

Fran fran.horan at jhuapl.edu
Fri Jun 4 16:31:49 UTC 2010


On Jun 4, 9:56 am, Joseph Gwinn <joegw... at comcast.net> wrote:
> In article <9ead1ef5-7000-445b-b7d1-ac1083874... at q8g2000vbm.googlegroups.com>,
>
>  Fran <fran.ho... at jhuapl.edu> wrote:
> > Do you know of any DISA IA approved COTS NTP servers ? Didn¹t see any
> > in the approved products lists athttp://iase.disa.mil/common/index.html
>
> > Or, have you configured/tested a COTS NTP server to pass STIG tests ?
>
> > Thanks,
>
> > Fran
>
> > STIG:http://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
>
> I don't recall that there are any STIGs for NTP timeservers, which are based on
> small dedicated-mode computers running the NTP daemon under some kind of RTOS
> kernel.  
>
> Most timeservers support at least DAC (username and password), but I don't know
> of any that have been evaluated to a protection profile.
>
> Which specific 8500.2 IA Controls (other than those that call out STIGs and
> SRGs) are you responding to?  What is the threat?  
>
> Joe Gwinn

I'll confess I'm a real novice to IA and STIGS Joe. Thanks for your
ideas and questions they will help me figure out where to investigate.
Hopefully will bring something back to this thread after asking around
inside here.




More information about the questions mailing list